https://en.bitcoin.it/w/api.php?action=feedcontributions&feedformat=atom&user=ClefruBitcoin Wiki - User contributions [en]2026-04-06T05:30:24ZUser contributionsMediaWiki 1.43.8https://en.bitcoin.it/w/index.php?title=Address_reuse&diff=53796Address reuse2015-01-13T17:39:38Z<p>Clefru: Insert reference for private key recovery from weak signatures</p>
<hr />
<div>Address reuse is the practice of sending multiple transactions to the same address.<br />
This works by "accident", not by design.<br />
It is considered a bad practice, and not something that should be done.<br />
<br />
== Problems ==<br />
=== Privacy ===<br />
Address reuse harms the privacy of not only yourself, but also others - including many not related to the transaction.<br />
In some cases, these risks are serious enough that they are likely in violation of reasonable consumer protection laws.<br />
<br />
=== Security ===<br />
Bitcoin does not, at a low level, have any concept of addresses, only individual coins.<br />
Address reuse, at this layer, requires producing multiple digital signatures when you spend bitcoins.<br />
Multiple situations have been found where more than one digital signature can be used to calculate the private key needed to spend bitcoins.<br />
Even if you spend all the bitcoins claimed by this private key at once, it is still possible to double-spend them in theft before they confirm.<br />
While the situations for finding the private key from signatures have been fixed, it is not prudent to assume there aren't more such situations yet unknown.<br />
<br />
In the case of spending all the TXOs in a single transaction, there is an additional risk if someone is actively monitoring the network for vulnerable transactions:<br />
upon receiving such a transaction, they can split up their double spends such that there is only one ECDSA verification per transaction (making a single transaction for each TXO);<br />
this will cause the attacker's transactions to relay across the rest of the nodes ''faster'' than the legitimate one, increasing success of a double spend.<br />
<br />
==== Known attacks ====<br />
<br />
* Same K in multiple signatures, see [http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html Recovering Bitcoin private keys using weak signatures from the blockchain].<br />
* [https://eprint.iacr.org/2014/140.pdf Timing sidechannel]<br />
<br />
=== Accidental loss ===<br />
In Bitcoin abstraction, an address is an invoice for a specific payment.<br />
Once that payment is made, the receiving party has no reason to retain the data for the address (technical details simplified) and may discard it.<br />
Even if someone does not choose to discard that data, it may have since been lost in an accident or compromised.<br />
In any of these situations, any future payments to the same address would go in to a "black hole", and be forever lost through no fault of the recipient.<br />
<br />
=== Confusion ===<br />
Users who see addresses reused may incorrectly be led to believe they function similarly to wallets or bank accounts.<br />
Often this is manifested in people talking about nonsense like "[[Address#Address_balances|address balance]]", "wallet address", "[[From_address|from address]]", and similar [[Address#Misconceptions|misconceptions]] that don't actually exist in Bitcoin.<br />
<br />
== Notable offenders ==<br />
Some notable Bitcoin software and services encourage or require address reuse:<br />
* Many bitcoin mining pools (especially [[Eligius]])<br />
* Various wallets (usually BitcoinJ-based) reuse addresses for change.<br />
* Electrum displays addresses in a way that encourages confusion and address reuse and misuse.</div>Clefru